Fatal error if RSA-PSS is used for encryption operations

Author: timlegge

RSA.pm

@@ -246,10 +246,12 @@ Encrypting user data directly with RSA is insecure.
 PKCS #1 v1.5 padding has been disabled as it is nearly impossible to use this
 padding method in a secure manner.  It is known to be vulnerable to timing
 based side channel attacks.
+L<Marvin Attack|https://github.com/tomato42/marvin-toolkit/blob/master/README.md>
 
 use_pkcs1_padding() now sets the padding method to use_pkcs1_pss_padding. 
 
-L<Marvin Attack|https://github.com/tomato42/marvin-toolkit/blob/master/README.md>
+B<Note>: RSA-PSS cannot be used for encryption/decryption and results in a
+fatal error.  Call C<use_pkcs1_oaep_padding> for encryption operations. 
 
 =item use_pkcs1_oaep_padding
 

RSA.xs

@@ -323,6 +323,10 @@ SV* rsa_crypt(rsaData* p_rsa, SV* p_from,
     size = EVP_PKEY_get_size(p_rsa->rsa);
     CHECK_NEW(to, size, UNSIGNED_CHAR);
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
+
+    if(p_rsa->padding == RSA_PKCS1_PSS_PADDING)
+        croak("PKCS#1 v2.1 RSA-PSS cannot be used for encryption operations call \"use_pkcs1_oaep_padding\" instead.");
+
     EVP_PKEY_CTX *ctx;
 
     OSSL_LIB_CTX *ossllibctx = OSSL_LIB_CTX_new();